30-7
Software Configuration Guide—Release 12.2(25)EWA
OL-6850-03
Chapter30 Configuring Port Security an d Trunk Port Security
Configuring Port Security
------------------------------------------------------------------------
Vlan Mac Address Type Ports Remaining Age
(mins)
---- ----------- ---- ----- -------------
1 0000.0000.0001 SecureSticky Fa5/1 -
1 0000.0000.0002 SecureSticky Fa5/1 -
1 0000.0000.0003 SecureConfigured Fa5/1 -
------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 2
Max Addresses limit in System (excluding one mac per port) : 1024
Configuring Trunk Port Security
Trunk port security extends port security to trunk ports. It restricts the allowed MAC addresses or the
maximum number of MAC addresses to individual VLANs on a trunk port. Trunk port security enables
service providers to block the access from a station with a different MAC address than the ones specified
for that VLAN on that trunk port. When a trunk port sec urity violation occurs, the trunk port is shu t down
and an SNMP trap may be generated. Trunk port security is also supported on private VLAN trunk ports.
Trunk port security is used when a Catalyst 4500 series switch has a dot1q or isl trunk attached to a
neighborhood Layer 2 switch. This may be used, for example, in me tro aggregation networks
(Figure 30-1).
Figure30-1 Trunk Port Security
SVI 2 SV1 3
5/45/35/25/1
Metro
Layer 2 switch
Access port in VLAN 2 Access port in VLAN 3
ISL or
dot1q trunk
gi1/1
130601